Document summary:
Examples
1. The following is an example that defines a Referer policy
{
  "Version": "2012-10-17",
  "Id": "http referer policy example",
  "Statement": [
    {
      "Sid": "Allow get requests referred by www.mysite.com , mysite.com and empty referer",
      "Effect": "Allow",
      "Principal": { "AWS": ["*"] },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [ "/*", "/*", "" ]
        }
      }
    }
  ]
}
2. The following is an example that defines an IP policy
{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "192.168.143.0/24" },
        "NotIpAddress": { "aws:SourceIp": "192.168.143.188/32" }
      }
    }
  ]
}
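3. The following example grants read-only permission to anonymous users
The following example policy grants the s3:GetObject permission to any public anonymous user. This permission allows anyone to read object data. It is useful when you configure the bucket as a website and want everyone to be able to read the objects in the bucket. You can set the bucket to private and then configure the following bucket policy.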
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddPerm",
      "Effect": "Allow",
      "Principal": { "AWS": ["*"] },
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::examplebucket/*"]
    }
  ]
}
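A review check for the three policies above, as an added example that is not part of the original documentation: it reports, per statement, what an anonymous principal is actually granted and which condition limits it. The function names, finding labels and shortened Sid values are assumptions made for this sketch, and the inputs are condensed copies of the policies on this page.

```python
import json

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for "*" and for {"AWS": "*"} or {"AWS": ["*"]}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_statement(stmt):
    """Return finding labels (hypothetical names) for one Allow statement."""
    if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
        return []
    findings = []
    # Collect every condition key used under any operator (StringLike, IpAddress, ...).
    condition_keys = {key.lower()
                      for operator in stmt.get("Condition", {}).values()
                      for key in operator}
    if not condition_keys:
        findings.append("anonymous-unconditional")
    elif condition_keys == {"aws:referer"}:
        # The Referer header is chosen by the client, so it only deters hotlinking.
        findings.append("anonymous-referer-only")
    actions = _as_list(stmt.get("Action", []))
    if any(a == "*" or a.endswith(":*") for a in actions):
        findings.append("anonymous-wildcard-action")
    return findings

def audit_policy(policy_json):
    """Map each statement's Sid to its list of findings."""
    statements = _as_list(json.loads(policy_json)["Statement"])
    return {s.get("Sid", "<no Sid>"): audit_statement(s) for s in statements}

# Constructed inputs: condensed copies of the three policies on this page.
REFERER_POLICY = ('{"Statement":[{"Sid":"referer","Effect":"Allow","Principal":{"AWS":["*"]},'
                  '"Action":"s3:*","Resource":"arn:aws:s3:::example-bucket/*",'
                  '"Condition":{"StringLike":{"aws:Referer":["/*","/*",""]}}}]}')
IP_POLICY = ('{"Statement":[{"Sid":"IPAllow","Effect":"Allow","Principal":{"AWS":"*"},'
             '"Action":"s3:*","Resource":"arn:aws:s3:::example-bucket/*",'
             '"Condition":{"IpAddress":{"aws:SourceIp":"192.168.143.0/24"},'
             '"NotIpAddress":{"aws:SourceIp":"192.168.143.188/32"}}}]}')
READONLY_POLICY = ('{"Statement":[{"Sid":"AddPerm","Effect":"Allow","Principal":{"AWS":["*"]},'
                   '"Action":["s3:GetObject"],"Resource":["arn:aws:s3:::examplebucket/*"]}]}')

if __name__ == "__main__":
    for name, doc in [("referer", REFERER_POLICY), ("ip", IP_POLICY), ("read-only", READONLY_POLICY)]:
        print(name, audit_policy(doc))
```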